Summary
WordPress is prone to an information-disclosure vulnerability because it fails to properly restrict access to trashed posts.
An attacker can exploit this vulnerability to view other authors' trashed posts, which may aid in further attacks.
Versions prior to WordPress 2.9.2 are vulnerable.
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
- CVE: CVE-2010-0682
CVSS Base Score: 4.0
AV:N/AC:L/Au:S/C:P/I:N/A:N